High severity7.5NVD Advisory· Published Mar 21, 2024· Updated Jun 17, 2026
CVE-2024-29031
CVE-2024-29031
Description
Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the order parameter of GetMeshSyncResources. Version 0.7.17 contains a patch for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/layer5io/mesheryGo | < 0.7.17 | 0.7.17 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/meshery/meshery/commit/8e995ce21af02d32ef61689c1e1748a745917f13nvdPatchWEB
- github.com/meshery/meshery/pull/10207nvdIssue TrackingPatchWEB
- securitylab.github.com/advisories/GHSL-2023-249_Meshery/nvdExploitThird Party Advisory
- github.com/advisories/GHSA-652r-q29p-m25hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-29031ghsaADVISORY
- securitylab.github.com/advisories/GHSL-2023-249_MesheryghsaADVISORY
News mentions
0No linked articles in our index yet.